diff --git a/docs/rolereference.rst b/docs/rolereference.rst
index 935dd195ac3e4c87808b19a6c131afcbc333e17e..195eeb0cf59128a3889d887ca2da0a858254adf3 100644
--- a/docs/rolereference.rst
+++ b/docs/rolereference.rst
@@ -851,6 +851,8 @@ Prosody is configured as follows:
 * Self-registration is not allowed.
 * TLS is configured. Legacy TLS is available on port 5223.
 * Client-to-server communication requires encryption (TLS).
+* Uses 2048-bit Diffie-Hellman parameters for relevant TLS ciphers for
+  incoming connections.
 * Authentication is done via LDAP. For setting the LDAP TLS truststore, see
   :ref:`LDAP Client <ldap_client>`.
 * Internal storage is used.
@@ -1014,6 +1016,8 @@ Deployed services are configured as follows:
 * Mail is stored in directory ``/var/MAIL_USER/DOMAIN/USER``, using ``Maildir``
   format.
 * TLS is required for user log-ins for both SMTP and IMAP.
+* Uses 2048-bit Diffie-Hellman parameters for relevant TLS ciphers for
+  incoming connections.
 * For user submission (SMTP), users must connect and authenticate over TCP
   port 587.
 * Configures TLS versions and ciphers supported by Dovecot.
@@ -1253,6 +1257,8 @@ Postfix is configured as follows:
 * TLS is enforced for relaying mails, with configurable truststore for server
   certificate verification if SMTP relay is used. If SMTP relay is not used
   (configured), no certificate verification is done.
+* Uses 2048-bit Diffie-Hellman parameters for relevant TLS ciphers for
+  incoming connections.
 
 
 Role dependencies
@@ -1338,6 +1344,8 @@ The role implements the following:
   index page.
 * Deploys the HTTPS TLS private key and certificate (for default vhost).
 * Configures TLS versions and ciphers supported by Nginx.
+* Uses 2048-bit Diffie-Hellman parameters for relevant TLS ciphers for
+  incoming connections.
 * Configures firewall to allow incoming connections to the web server.
 * Installs and configures virtualenv and virtualenvwrapper as a common base for
   Python apps.